Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

In a message dated 11/30/2010 4:46:02 PM Pacific Standard Time, 
z...@mzmcbride.com writes:


> The phrase you're looking for is, "An ounce of prevention is a pound of
> cure." Either be an active part of this mailing list and moderate as
> appropriate or give up the damn post already. The current system is 
> clearly
> and desperately ineffective.
> 
> MZMcBride
> 


Yes I agree.  It's pointless to actually allow people to speak freely, when 
you can easily silence your critics by stuffing a sock in their mouth.
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[MZMcBride]

Ryan Lomonaco wrote:
> Enough, everyone.  I don't think anyone knows what the hell this
> conversation is about anymore.  I certainly don't.
> 
> WJhonson is on moderation for the time being.

MZMcBride wrote:
> And, yes, I'll agree that the few times software moderation has
> been used on this list, it's been done poorly.

Thank you for keeping the tradition alive.

The phrase you're looking for is, "An ounce of prevention is a pound of
cure." Either be an active part of this mailing list and moderate as
appropriate or give up the damn post already. The current system is clearly
and desperately ineffective.

MZMcBride



___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[dinar qorbanof]

2010/11/28 dinar qorbanof :
> i should ask first whether wikipedia collects logs.
no, probably as i asked is better, because it like has 2 questions in
it, and usually logs are collected, and it is said in privacy policy
that they may be collected, and even if they are not collected now,
they can be collected.

2010/11/28 dinar qorbanof :
> 2010/11/28 FastLizard4 :
>> Here in the U.S., ISPs keep records of who used what IP address at what
>> time.  So, let's say that I had a dynamic IP address that changed every
>> day.  If I got arrested and the courts ordered my ISP to give them a
>> list of IP addresses I have used in the last month, they would do so,
>> complete with the times I used each IP address.
> so in russia. i say only about relative anonymousity, not against
> government, but against different people.
i said "only about relative anonymousity, not against government, but
against different people" about this:
i said:
>i think that probably they intentionally use dynamic ip for some anonymousity
for that i had said "some". also it is anonymous against government
temporarily, before they trace source ip.
(temporary anonymousity of reading is basic right, for more, easier
trustability of internet, to check that server is not fooling users
sending different content to different people. for example,
theoretically, "closed" social network or forum can show to user his
post with link, hoping he will feel ok, but hide it from other users,
this maybe, for example because it is link to competitor site and
owners of the closed site do some agressive smo blocking link to
competitor sites. "closed" mean that you cannot read it if you are not
logged in. but in this case the closed site also has risk to be
"caught", if user checks his post with several people through
alternative channels or publishing in open site about that he posted
in closed site. but it is hard to check so. availability of anonymous
reading is easy. and should be no premoderation. in that case, even
users who do not see any link to competitor sites can be sure that
they see that anybody else see in the site, and that anybody can post
useful links and other posts, at least temporarily. )

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Ryan Lomonaco]

Enough, everyone.  I don't think anyone knows what the hell this
conversation is about anymore.  I certainly don't.

WJhonson is on moderation for the time being.

-- 
[[User:Ral315]]
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

In a message dated 11/30/2010 11:58:07 AM Pacific Standard Time, 
birgitte...@yahoo.com writes:


> Your recent postings have definitely been foolish.  You seem to be going 
> out of 
> the way to misinterpret everyone's words in the worst possible light. Why 
> should 
> you assume the phrase donor is meant to be restricted to monetary 
> donations? Why 
> must you approach responses that are not full agreement with you as 
> combat?  You 
> obviously aren't on my ignore list, but frankly I am not sure how 
> representative 
> this thread is of your general behavior.  I guess I will know in a year or 
> so. >>
> 

I disagree with your characterization "You seem to be going out of 
the way to misinterpret everyone's words in the worst possible light."

Don't you find a sentence like that a bit extreme?  
Have I really responded to everyone ?  Have I really put every word in the 
worst light?

In U.S. English "donor" in the content of a foundation means monetary.  We 
don't call volunteers who give their *time* donors, we simply call them 
volunteers.  If you are implying that "donor" in terms of a foundation, means 
anyone who donates anything, I would suggest that is a non-standard 
definition.  Are you presuming that in the case of the original message "donor" 
meant 
something else?  I would suggest it did not.

I do not "approach responses that are not full agreement with [me] as comba
t".  When a person directly attacks me, I respond.  That is a normal 
attitude in my opinion.  I did not directly attack you, and yet you directly 
attacked me.  You mischaracterized my responses as "combat", a provocative word 
meant to illicit negative responses and attitudes in the readership.  Yet you 
probably perceive this as a "fair" charge.  My responses to attacks are 
defensive responses, hardly fair to term these "combat".

Does your above response, seem like a logical course toward your goal?  
Does it seem likely to lead to an outcome that you would consider fair and just 
and rational?
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Birgitte SB]

- Original Message 
> From: "wjhon...@aol.com" 
> To: foundation-l@lists.wikimedia.org
> Sent: Tue, November 30, 2010 1:26:55 PM
> Subject: Re: [Foundation-l] should not web server logs (of requests) be 
>published?
> 
> In a message dated 11/30/2010 11:11:10 AM Pacific Standard Time, 
> birgitte...@yahoo.com writes:
> 
> 
> > And like everyone who contributes to this list, they  also send other 
> > messages to the list that are useful or contribute a  perspective that 
> > would 
> > otherwise be absent from the list. They  should definitely not be banned, 
> > but it 
> > is clear that trolling  and personal attacks do not bring about moderation. 
> > >>
> > 
> 
> 
> "Trolling" seems to be defined however any person wishes to define  it.  
> I've been accussed of trolling simply because I espouse a  point-of-view that 
>is 
>
> critical.  To me critcism is not trolling.   Trolling would be, when you do 
> not actually believe what you're saying, but  you say it only to generate 
> some dramatic effect.
> 
> People who believe  their own criticism are critics, and are one of the 
> cornerstones of our  society, without whom, we would sink into the morass of 
> stagnancy.
> 
> Personal attacks to me, are attacks against the character  of a person, not 
> the character of their argument.
> If I say you are being  foolish, that is not the same thing as saying you 
> are a fool.
> 
> The  "Troll" attack is launched, from my experience, whenever a person 
> espouses a  line of argument, with which you not only don't agree, but you 
> find 
>
> offensive in some manner to your ideals.  That is not a troll, that is  a 
> critic.
> 

Trolling wasn't my choice of words, but in the section you snipped, 
AlexandrDmitri suggested that it would lead to moderation.  The term is 
ambiguous, but I can hardly read his mind rephrase it more definitively for 
him.  


Your recent postings have definitely been foolish.  You seem to be going out of 
the way to misinterpret everyone's words in the worst possible light. Why 
should 
you assume the phrase donor is meant to be restricted to monetary donations? 
Why 
must you approach responses that are not full agreement with you as combat?  
You 
obviously aren't on my ignore list, but frankly I am not sure how 
representative 
this thread is of your general behavior.  I guess I will know in a year or so.

Birgitte SB



  

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

In a message dated 11/30/2010 11:11:10 AM Pacific Standard Time, 
birgitte...@yahoo.com writes:


> And like everyone who contributes to this list, they also send other 
> messages to the list that are useful or contribute a perspective that 
> would 
> otherwise be absent from the list. They should definitely not be banned, 
> but it 
> is clear that trolling and personal attacks do not bring about moderation. 
> >>
> 


"Trolling" seems to be defined however any person wishes to define it.  
I've been accussed of trolling simply because I espouse a point-of-view that is 
critical.  To me critcism is not trolling.  Trolling would be, when you do 
not actually believe what you're saying, but you say it only to generate 
some dramatic effect.

People who believe their own criticism are critics, and are one of the 
cornerstones of our society, without whom, we would sink into the morass of 
stagnancy.

Personal attacks to me, are attacks against the character of a person, not 
the character of their argument.
If I say you are being foolish, that is not the same thing as saying you 
are a fool.

The "Troll" attack is launched, from my experience, whenever a person 
espouses a line of argument, with which you not only don't agree, but you find 
offensive in some manner to your ideals.  That is not a troll, that is a 
critic.

W
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Birgitte SB]

- Original Message 
> From: J Alexandr Ledbury-Romanov 
> To: Wikimedia Foundation Mailing List 
> Sent: Tue, November 30, 2010 11:27:03 AM
> Subject: Re: [Foundation-l] should not web server logs (of requests) be 
>published?
> 
> I can guarantee that I myself, one of the three foundation-l list
> moderators,  am not an absent landlord. I read every post with care and
> attention. Whilst  there have been some posts on various threads of late than
> have been to my  mind sub-optimal, there have not, in my opinion, been any
> egrarious personal  attacks or trolling.
> 
> Moderation is not something we take lightly. Indeed,  when we recently
> reluctantly took the decision to ban one member, there were  cries of
> censorship.

There were some who cried censorship at the most Peter Damian's moderation, but 
I for one cried out that there were too few people moderated.  I don't why you 
are equating moderation with banning. Moderation should be taken more lightly 
than banning at least. You seem to be using them interchangeably above.  There 
are people  on my ignore list who consistently and over a period of many years 
send egrarious personal attacks to the list and troll the naive and the 
flustered.  And like everyone who contributes to this list, they also send 
other 
messages to the list that are useful or contribute a perspective that would 
otherwise be absent from the list. They should definitely not be banned, but it 
is clear that trolling and personal attacks do not bring about moderation.

Birgitte SB



  

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[MZMcBride]

J Alexandr Ledbury-Romanov wrote:
> I can guarantee that I myself, one of the three foundation-l list
> moderators, am not an absent landlord. I read every post with care and
> attention. Whilst there have been some posts on various threads of late than
> have been to my mind sub-optimal, there have not, in my opinion, been any
> egrarious personal attacks or trolling.
> 
> Moderation is not something we take lightly. Indeed, when we recently
> reluctantly took the decision to ban one member, there were cries of
> censorship.
> 
> That said, if you feel that there are any posts which overstepped the mark,
> please let me or one of the more experienced list moderators know privately.

It's not really about technical moderation. The answer is usually not to set
the moderation filter in mailman. (And, yes, I'll agree that the few times
software moderation has been used on this list, it's been done poorly.) It's
also not really about reading every post, though as a moderator, at least
skimming them is always a good idea.

The answer is usually for a moderator to try to steer the thread in the
right direction. They may not always be successful, but it's worth a shot
(or two) in any case. It's difficult to explain, but if you've ever been on
a forum or mailing list with a good moderator, I think you'll know what I'm
talking about.

MZMcBride



___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[J Alexandr Ledbury-Romanov]

I can guarantee that I myself, one of the three foundation-l list
moderators, am not an absent landlord. I read every post with care and
attention. Whilst there have been some posts on various threads of late than
have been to my mind sub-optimal, there have not, in my opinion, been any
egrarious personal attacks or trolling.

Moderation is not something we take lightly. Indeed, when we recently
reluctantly took the decision to ban one member, there were cries of
censorship.

That said, if you feel that there are any posts which overstepped the mark,
please let me or one of the more experienced list moderators know privately.

AD
User:AlexandrDmitri on all Wikimedia Projects

2010/11/30 MZMcBride 

> Anthony wrote:
> > On Tue, Nov 30, 2010 at 11:21 AM, MZMcBride  wrote:
> >> This list has mailing list moderators, but they don't seem to do any
> actual
> >> moderating (in the social or technical sense). That seems to be a large
> part
> >> of the problem with nearly every thread like this.
> >>
> >> Is there some sort of unspoken rule that all foundation-l moderators
> must be
> >> absentee landlords?
> >
> > Isn't that the wiki way?
>
> Perhaps, but this is a mailing list, not a wiki.
>
> MZMcBride
>
>
>
> ___
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[MZMcBride]

Anthony wrote:
> On Tue, Nov 30, 2010 at 11:21 AM, MZMcBride  wrote:
>> This list has mailing list moderators, but they don't seem to do any actual
>> moderating (in the social or technical sense). That seems to be a large part
>> of the problem with nearly every thread like this.
>> 
>> Is there some sort of unspoken rule that all foundation-l moderators must be
>> absentee landlords?
> 
> Isn't that the wiki way?

Perhaps, but this is a mailing list, not a wiki.

MZMcBride



___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Anthony]

On Tue, Nov 30, 2010 at 11:21 AM, MZMcBride  wrote:
> This list has mailing list moderators, but they don't seem to do any actual
> moderating (in the social or technical sense). That seems to be a large part
> of the problem with nearly every thread like this.
>
> Is there some sort of unspoken rule that all foundation-l moderators must be
> absentee landlords?

Isn't that the wiki way?

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[MZMcBride]

Philippe Beaudette wrote:
> To suggest that the WMF (which means what, exactly, in this context?   Staff?
> Mailing list participants?) does not feel accountable to anyone but donors is
> to make a careless generalization, and one that borders on trolling.

This list has mailing list moderators, but they don't seem to do any actual
moderating (in the social or technical sense). That seems to be a large part
of the problem with nearly every thread like this.

Is there some sort of unspoken rule that all foundation-l moderators must be
absentee landlords?

MZMcBride



___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Anthony]

On Tue, Nov 30, 2010 at 12:34 AM, Russell Nelson  wrote:
> Huh?? Editors are donors as well, as are people who contribute to mailing
> lists, as are you.

So clearly everyone contributing to this discussion has also
contributed to the foundation!

In any case, both you and Dumas quoted me out of context.

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

In a message dated 11/29/2010 10:00:38 PM Pacific Standard Time, 
pbeaude...@wikimedia.org writes:


> To suggest that the WMF (which means what, exactly, in this context?   
> Staff?  Mailing list participants?) does not feel accountable to anyone but 
> donors is to make a careless generalization, and one that borders on 
> trolling.
> 
> The people who make up the staff and the volunteers of our projects are 
> driven and give tremendously of their time.  I defy anyone to find me a 
> single one of them who only feels accountable to donors.   You can't. I 
> guarantee it.  >>
> 

Exactly the reason why I called that generalization into question.
If you read the thread you will see who made it, and who questioned it.

Will
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Philippe Beaudette]

On Nov 29, 2010, at 9:39 PM, James Alexander  wrote:

> On Tue, Nov 30, 2010 at 12:13 AM,  wrote:
> 
>> So it is your belief, that the WMF is not accountable at all to it's
>> volunteers, such as editors?  Just to its donors?
>> 
> 
> 
> I prefer contributers or simply the community. Donors, editors,
> admins, volunteers whatever name you want to call them are all part of that.
> Some people can't give monetarily (or don't want to) some can't (or don't
> want to) give with their time. They are all part of the community that
> drives the projects forward.
> 

I'm going to do something I rarely do: try to speak for others.

At the Foundation offices, I think it is safe to say that every one of us feels 
a deep sense of accountability to the mission, to our coworkers, and to 
contributors of all types: financial, knowledge, editor, administrator, 
developer, and to our readers.  

I have never worked with a more focused and intensely mission driven group.  

I say this as the person running the contribution campaign, and as a long term 
editor.

To suggest that the WMF (which means what, exactly, in this context?   Staff?  
Mailing list participants?) does not feel accountable to anyone but donors is 
to make a careless generalization, and one that borders on trolling.

The people who make up the staff and the volunteers of our projects are driven 
and give tremendously of their time.  I defy anyone to find me a single one of 
them who only feels accountable to donors.   You can't. I guarantee it.  

Philippe
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

In a message dated 11/29/2010 9:34:40 PM Pacific Standard Time, 
russnel...@gmail.com writes:


> Huh?? Editors are donors as well, as are people who contribute to mailing
> lists, as are you.
> 
> On Tue, Nov 30, 2010 at 12:13 AM,  wrote:
> 
> > In a message dated 11/29/2010 8:48:40 PM Pacific Standard Time,
> > russnel...@gmail.com writes:
> >
> >
> > > Those with the passwords are accountable to the foundation, which is
> > > accountable to the donors. The foundation needs to make sure that the
> > > money
> > > donated to it is spent wisely, and not frittered away on frivolous
> > > requirements. If the foundation does a bad job of that, it will be
> > > replaced
> > > by some party which CAN do a good job of being responsible to donors. >
> >
> > >
> >
> > So it is your belief, that the WMF is not accountable at all to it's
> > volunteers, such as editors?  Just to its donors?
> 

Is it your belief, that the WMF is not accountable at all, to the thousands 
or perhaps millions of volunteers who are not also financial contributors 
i.e. not donors ?
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[James Alexander]

On Tue, Nov 30, 2010 at 12:13 AM,  wrote:

> So it is your belief, that the WMF is not accountable at all to it's
> volunteers, such as editors?  Just to its donors?
>


I prefer contributers or simply the community. Donors, editors,
admins, volunteers whatever name you want to call them are all part of that.
Some people can't give monetarily (or don't want to) some can't (or don't
want to) give with their time. They are all part of the community that
drives the projects forward.


-- 
James Alexander
jameso...@gmail.com
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Russell Nelson]

Huh?? Editors are donors as well, as are people who contribute to mailing
lists, as are you.

On Tue, Nov 30, 2010 at 12:13 AM,  wrote:

> In a message dated 11/29/2010 8:48:40 PM Pacific Standard Time,
> russnel...@gmail.com writes:
>
>
> > Those with the passwords are accountable to the foundation, which is
> > accountable to the donors. The foundation needs to make sure that the
> > money
> > donated to it is spent wisely, and not frittered away on frivolous
> > requirements. If the foundation does a bad job of that, it will be
> > replaced
> > by some party which CAN do a good job of being responsible to donors. >>
> >
>
> So it is your belief, that the WMF is not accountable at all to it's
> volunteers, such as editors?  Just to its donors?
> ___
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

In a message dated 11/29/2010 8:48:40 PM Pacific Standard Time, 
russnel...@gmail.com writes:


> Those with the passwords are accountable to the foundation, which is
> accountable to the donors. The foundation needs to make sure that the 
> money
> donated to it is spent wisely, and not frittered away on frivolous
> requirements. If the foundation does a bad job of that, it will be 
> replaced
> by some party which CAN do a good job of being responsible to donors. >>
> 

So it is your belief, that the WMF is not accountable at all to it's 
volunteers, such as editors?  Just to its donors?
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Russell Nelson]

On Mon, Nov 29, 2010 at 5:40 PM, Anthony  wrote:

> Those with the passwords do whatever they feel like
> and are accountable to no one?
>

Those with the passwords are accountable to the foundation, which is
accountable to the donors. The foundation needs to make sure that the money
donated to it is spent wisely, and not frittered away on frivolous
requirements. If the foundation does a bad job of that, it will be replaced
by some party which CAN do a good job of being responsible to donors.
Speaking of donors, I hope that everyone contributing to this discussion has
also contributed to the foundation!
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Domas Mituzas]

> Those with the passwords do whatever they feel like
> and are accountable to no one?

yup!

Domas

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Anthony]

On Mon, Nov 29, 2010 at 1:56 PM, Chad  wrote:
> On Mon, Nov 29, 2010 at 8:20 AM, Anthony  wrote:
>> Surely there are ways to publish policies which don't require a formal
>> board resolution every time something changes.  Also, any emergency
>> exceptions could always be documented later, after the emergency has
>> been resolved.
>>
>
> The policy shouldn't change based on minute implementation details.

Of course not.  Basic principles, on the other hand, like who
determines when to keep logs, how long they are allowed to keep them,
for what reasons they are allowed to keep them, who can make an
exception for emergency reasons, how they are to document those
exceptions.  These absolutely should be in a written policy.  What's
the alternative?  Those with the passwords do whatever they feel like
and are accountable to no one?

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[KIZU Naoko]

Perhaps the definition of substance is different between you and me,
Gerard, but I don't expect you won't disagree it's important for us at
the community at large to confirm the Wikimedia accredited troll alive
and go well around.
/me ducks

On Tue, Nov 30, 2010 at 5:29 AM, David Gerard  wrote:
> On 29 November 2010 19:39,   wrote:
>
>
> I suspect you are the only person on this thread who considers that
> you are asking for something substantive and important.

I rather suspected WJhonson just didn't know to talk with one of our
sysadmins ...

>
>
> - d.
>
> ___
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>



-- 
KIZU Naoko / 木津尚子
member of Wikimedians in Kansai  / 関西ウィキメディアユーザ会 http://kansai.wikimedia.jp

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[David Gerard]

On 29 November 2010 19:39,   wrote:


I suspect you are the only person on this thread who considers that
you are asking for something substantive and important.


- d.

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Domas Mituzas]

Hi!

> It's isn't my policy, it's our policy.

Who is 'we', whom do you represent? :-) 

> If you don't know to what I refer, then perhaps you can read up on it.

You didn't tell what you represent and what policy you talk about, I don't know 
where to read about it. 

> As far as citing the archives of an email list, that is also not a citable 
> source.

Thats very sad. I'm used to my mailing list posts being cited ;-) 

> If Foundation staff and supporters themselves, are *not prepared* to go on 
> the record with their claims, then why should anyone trust anything they say 
> on an email list?

I cannot speak for Foundation at the moment, so I don't know why they don't go 
"on the record". I don't go "on the record" because I don't see any purpose, I 
already wrote in email what I thought I wanted to write.

> That is the very nature of *false authority*, the bane of our project.  

What do you call 'our project'? I don't understand your affiliation. 

> I must say, I'm quite surprised that some people here don't grasp this 
> concept  yet,
> after the projects being in existence for so many years now, almost a 
> decade right?  It is a fundamental principle, that we should be citing actual 
> authorities, not false claims to authority.


I'm quite surprised you think I should care about whatever you want me to care 
because you want me to care about it. 

Cheers,
Domas
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

In a message dated 11/29/2010 11:33:05 AM Pacific Standard Time, 
midom.li...@gmail.com writes:


> Hi!
> 
> > Go on record, then I'll cite you.
> > An email list is not a citable source, per our policy.
> 
> Why would I care about your policy? Which policy is 'our' policy? Why does 
> it apply to anything here? 
> 
> > However a page on the server is citable.
> > So put your reputation up for view, then you'll be citable :)
> 
> http://lists.wikimedia.org/pipermail/foundation-l/2010-November/062730.html
> 
> 
> Domas
> 

It's isn't my policy, it's our policy.
If you don't know to what I refer, then perhaps you can read up on it.
As far as citing the archives of an email list, that is also not a citable 
source.

If Foundation staff and supporters themselves, are *not prepared* to go on 
the record with their claims, then why should anyone trust anything they say 
on an email list?

That is the very nature of *false authority*, the bane of our project.  I 
must say, I'm quite surprised that some people here don't grasp this concept 
yet, after the projects being in existence for so many years now, almost a 
decade right?  It is a fundamental principle, that we should be citing actual 
authorities, not false claims to authority.

W
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Domas Mituzas]

Hi!

> Go on record, then I'll cite you.
> An email list is not a citable source, per our policy.

Why would I care about your policy? Which policy is 'our' policy? Why does it 
apply to anything here? 

> However a page on the server is citable.
> So put your reputation up for view, then you'll be citable :)

http://lists.wikimedia.org/pipermail/foundation-l/2010-November/062730.html

Domas
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

If that's the case, I would suggest, if it does not do so already, that the 
server also grab details about "How did you get here?" such as keywords 
used, or page-come-from and so on.

Also I would want it to grab geographic location (where known), which would 
help us to know, for example, if we're getting a lot of readers from 
Nigeria, or none.

W
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Andrew Gray]

On 29 November 2010 10:11, Domas Mituzas  wrote:
>> The sampled 1/1000 squid logs can be used for statistical purposes, such as
>> page view stats.  Someone more techy can answer that better than I can, if
>> the samples include IP addresses that could be used w/ geoip for geographic
>> analysis. (I think perhaps not)
>
> we do aggregations on full sample, not 1/1000
> 1/1000 gets saved to a file for post-mortems and "wtf is going on" type of 
> analysis.

Ah, that explains it - I was wondering how we could get something as
precise as "three views one day, five the next" out of a 1/1000
sample! So am I right in assuming that what happens is:

1) page request comes in and is served
2) every thousandth request is sent to a separate file and logged
3) the rest are stripped of all data bar "X page requested"
4) this is kept for the pageview statistics, which are very fine-grained

The end result: one file with 0.1% of requests logged in detail and
another file with "hit counts" and no more.

-- 
- Andrew Gray
  andrew.g...@dunelm.org.uk

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

In a message dated 11/29/2010 2:14:38 AM Pacific Standard Time, 
midom.li...@gmail.com writes:


> This isn't Wikipedia, this is Wikimedia. You can cite me, if you want.
> 

Go on record, then I'll cite you.
An email list is not a citable source, per our policy.
However a page on the server is citable.
So put your reputation up for view, then you'll be citable :)

W
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Chad]

On Mon, Nov 29, 2010 at 8:20 AM, Anthony  wrote:
> Surely there are ways to publish policies which don't require a formal
> board resolution every time something changes.  Also, any emergency
> exceptions could always be documented later, after the emergency has
> been resolved.
>

The policy shouldn't change based on minute implementation details.
Like Andre said, it is designed to describe the general policies, not the
specifics.

A page on wikitech like [[Log rotation procedures]] would both document
the process and be citable to those who have questions.

And it doesn't need a board resolution at all :D

-Chad

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Anthony]

On Mon, Nov 29, 2010 at 4:41 AM, Andre Engels  wrote:
> On Mon, Nov 29, 2010 at 6:26 AM,   wrote:
>> I know quite a lot about operational requirements, and I know that policies
>> should state clearly what IS being done, not what may be done.
>> It's quite practical to be more explicit.  For example, the policy could
>> state clearly what exactly is being done.  That would be more explicit.
>
> Yes, that would be more explicit. It would also mean that every minute
> change of procedure would entail a policy change. Policies are not
> meant to be descriptions of what we do and how we do it, they are
> meant to be the rules that we put on ourselves about what we do and
> what we do not do. There are things that we promise to do and there
> are things that we promise not to do. But there are also things that
> we want to keep a leeway of doing, not doing or doing in a different
> way without needing a formal board resolution each time something
> changes.

Surely there are ways to publish policies which don't require a formal
board resolution every time something changes.  Also, any emergency
exceptions could always be documented later, after the emergency has
been resolved.

But I'm not sure how practical it would be.  Maybe there are times
when you want to be able to analyze people's page views without
tipping them off to the fact that you're doing so.

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Domas Mituzas]

>   Humans are not citable  sources, per our policy.

This isn't Wikipedia, this is Wikimedia. You can cite me, if you want.

Domas

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Domas Mituzas]

> The sampled 1/1000 squid logs can be used for statistical purposes, such as
> page view stats.  Someone more techy can answer that better than I can, if
> the samples include IP addresses that could be used w/ geoip for geographic
> analysis. (I think perhaps not)

we do aggregations on full sample, not 1/1000
1/1000 gets saved to a file for post-mortems and "wtf is going on" type of 
analysis. 

Domas
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Domas Mituzas]

Hi!

> There aren't any raw logs?

Closest to raw log we may have is 1/1000 sample, that we keep sometimes for 
noticing obvious things like DDoS or software feature gone mad. 

Domas
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Domas Mituzas]

Hi!

> Each web server, of which the WMF has a few, collects details on the 
> behaviour of IPs, in logs.  Those logs can be and probably have been 
> requested by 
> certain government officials, most likely for the purpose of tracking down 
> who is behind a certain "Bad" posting to a BLP.

We log edits, not page views. These are not 'web server' logs, these are 
mediawiki logs. 

Domas
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Andre Engels]

On Mon, Nov 29, 2010 at 6:26 AM,   wrote:
> In a message dated 11/28/2010 9:06:36 PM Pacific Standard Time,
> russnel...@gmail.com writes:
>
> Yes I agree, the policy is extremely vague.
> We may be struck by lightning, we may be abducted by aliens, we may be
> sentient beings.
> May doesn't say anything.  Why have a policy which uses "may"? So you can
> do anything at all and say "well we did say we MAY..."
> That's not a policy, it's a non-policy.

The policy, by using the word "may" states the maximum amount of what
we may do. It does on the one hand warn users of what *might* be done,
on the other hand ensures them about what might definitely *not* be
done.

> I know quite a lot about operational requirements, and I know that policies
> should state clearly what IS being done, not what may be done.
> It's quite practical to be more explicit.  For example, the policy could
> state clearly what exactly is being done.  That would be more explicit.

Yes, that would be more explicit. It would also mean that every minute
change of procedure would entail a policy change. Policies are not
meant to be descriptions of what we do and how we do it, they are
meant to be the rules that we put on ourselves about what we do and
what we do not do. There are things that we promise to do and there
are things that we promise not to do. But there are also things that
we want to keep a leeway of doing, not doing or doing in a different
way without needing a formal board resolution each time something
changes.

> I know what Aude stated.  I asked for a citation to the actual policy of
> the WMF on that point.  But apparently there isn't any.
> You mean it's not practical or productive to keep users informed of what
> information is being stored on them.
> Why bother with a clear privacy policy, why not simply ignore anyone who
> pushes for one? And then claim you're not
> Very clever.
>
> W
> ___
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>



-- 
André Engels, andreeng...@gmail.com

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

In a message dated 11/28/2010 9:06:36 PM Pacific Standard Time, 
russnel...@gmail.com writes:


> The policy is very explicit. It says that logs may be kept. If you know
> anything about operational requirements, you will understand that that 
> means
> that logs are not routinely kept, but may be kept in order to diagnose
> problems. It's not practical to be more explicit than that. Aude has 
> already
> explained that in the usual case, the http server itself keeps no logs
> (because they'd just tell ops which squids are accessing which server), 
> and
> the squids themselves discard 99.9% of all accesses.
> 
> You're not likely to get any better explanation of what happens, because
> it's simply not practical or productive to keep you informed of which 
> squids
> or servers have had logging turned on. Rest assures that nobody at the WMF
> cares who is accessing what page. They have more interesting problems to
> solve!
> 

Yes I agree, the policy is extremely vague.
We may be struck by lightning, we may be abducted by aliens, we may be 
sentient beings.
May doesn't say anything.  Why have a policy which uses "may"? So you can 
do anything at all and say "well we did say we MAY..."
That's not a policy, it's a non-policy.

I know quite a lot about operational requirements, and I know that policies 
should state clearly what IS being done, not what may be done.
It's quite practical to be more explicit.  For example, the policy could 
state clearly what exactly is being done.  That would be more explicit.

I know what Aude stated.  I asked for a citation to the actual policy of 
the WMF on that point.  But apparently there isn't any.
You mean it's not practical or productive to keep users informed of what 
information is being stored on them.
Why bother with a clear privacy policy, why not simply ignore anyone who 
pushes for one? And then claim you're not
Very clever.

W
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Russell Nelson]

The policy is very explicit. It says that logs may be kept. If you know
anything about operational requirements, you will understand that that means
that logs are not routinely kept, but may be kept in order to diagnose
problems. It's not practical to be more explicit than that. Aude has already
explained that in the usual case, the http server itself keeps no logs
(because they'd just tell ops which squids are accessing which server), and
the squids themselves discard 99.9% of all accesses.

You're not likely to get any better explanation of what happens, because
it's simply not practical or productive to keep you informed of which squids
or servers have had logging turned on. Rest assures that nobody at the WMF
cares who is accessing what page. They have more interesting problems to
solve!

On Sun, Nov 28, 2010 at 11:57 PM,  wrote:

> In a message dated 11/28/2010 8:09:28 PM Pacific Standard Time,
> nawr...@gmail.com writes:
>
>
> > There's a joke in here somewhere, maybe about applying en.wp talkpage
> > style argumentation to "real life", but maybe we can just call this a
> > dead issue and move on rather than argue in circles forever with Will.
> >
> >
>
> I would say that you are trying to paint me as some kind of antagonist who
> has no purpose in my argument direction.  No Ad Hominem attacks please.
>
> There is a quite definite purpose in my point.
> That the WMF has no specific policy on what to retain, nor how long to
> retain it.
> That is a rather important issue for many people.
> I hope that people will be considerate of the nature of this privacy issue
> and not try to sweep it under the rug.  It should be addressed clearly and
> directly.
> ___
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

In a message dated 11/28/2010 8:09:28 PM Pacific Standard Time, 
nawr...@gmail.com writes:


> There's a joke in here somewhere, maybe about applying en.wp talkpage
> style argumentation to "real life", but maybe we can just call this a
> dead issue and move on rather than argue in circles forever with Will.
> 
> 

I would say that you are trying to paint me as some kind of antagonist who 
has no purpose in my argument direction.  No Ad Hominem attacks please.

There is a quite definite purpose in my point.
That the WMF has no specific policy on what to retain, nor how long to 
retain it.
That is a rather important issue for many people.
I hope that people will be considerate of the nature of this privacy issue 
and not try to sweep it under the rug.  It should be addressed clearly and 
directly.
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Nathan]

On Sun, Nov 28, 2010 at 10:54 PM,  wrote:
>
> Again Aude, this is your statement only.  This is not an official
> statement of what the policy is or isn't, nor what is or isn't done under any
> policy which may or may not exist.  You may be satisfied that you are  right, 
> but
> I would rather have a citable source.  Humans are not citable  sources, per
> our policy.
>

There's a joke in here somewhere, maybe about applying en.wp talkpage
style argumentation to "real life", but maybe we can just call this a
dead issue and move on rather than argue in circles forever with Will.

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

Again Aude, this is your statement only.  This is not an official  
statement of what the policy is or isn't, nor what is or isn't done under any  
policy which may or may not exist.  You may be satisfied that you are  right, 
but 
I would rather have a citable source.  Humans are not citable  sources, per 
our policy.
 
W
 
 
 
 
In a message dated 11/28/2010 4:24:14 P.M. Pacific Standard Time,  
aude.w...@gmail.com writes:

Under  the policy, WMF is permitted to collect and keep apache and squid 
logs
but  the policy gives more leeway than what is done in practice.  WMF  does
collect squid logs but quite sure it's only 1/1000 sample.  They  don't keep
apache access  logs.

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

How exactly do config files tell us what the WMF is retaining?
That the error logs are manually purged tells us that they are in fact  
retaining details.
What I asked was an official statement of what and for how long.
The config files do not answer that question.
 
At any rate you didn't link to them anyway, not in this thread.
 
 
 
In a message dated 11/28/2010 5:37:18 P.M. Pacific Standard Time,  
aude.w...@gmail.com writes:

The WMF  server config files are there for everyone to see.  Do you not   
consider them "reliable" source? Do you not believe they are in fact   
the server config settings used by WMF?

There are apache error logs  (notice LogLevel) that are collected.  
Those are manually purged, as  of 2008. (source: Tim Starling  
http://lists.wikimedia.org/pipermail/foundation-l/2008-September/045811.html  
)

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[aude]

On Sun, Nov 28, 2010 at 6:51 PM,  wrote:
In a message dated 11/28/2010 3:36:34 PM Pacific Standard Time,
russnel...@gmail.com writes:


 > You misbelieve. Listen to Aude. She knows what she's talking about.
 >

I'd rather have Aude cite a reliable source.

"The Wikimedia Foundation *MAY* keep raw logs of such  
transactions" (emphasis added)

http://wikimediafoundation.org/wiki/Wikimedia:Privacy_policy

Under the policy, WMF is permitted to collect and keep apache and  
squid logs but the policy gives more leeway than what is done in  
practice.  WMF does collect squid logs but only 1/1000  sample.  They  
don't keep apache access logs, (e.g. I think these are what you mean  
by ip server logs) per httpd.conf file that I linked to in earlier  
email.

The WMF server config files are there for everyone to see.  Do you not  
consider them "reliable" source? Do you not believe they are in fact  
the server config settings used by WMF?

There are apache error logs (notice LogLevel) that are collected.  
Those are manually purged, as of 2008. (source: Tim Starling 
http://lists.wikimedia.org/pipermail/foundation-l/2008-September/045811.html 
)

In that thread, you can read more of what Tim and others had to say on  
to, including Sue.

I can't say more than that but hope you have enough info and sources.

Cheers,
-Katie (@aude)


People are not reliable sources.  No living person is such an authority
that we should listen to that person.  Not even on their own  
biography, much
less anything else.

The role of the expert is not to spout dogma, but rather to build a case
using citable sources.  No one is immune from this diction.  The  
Archangel
Gabriel told me so.

W

On a side-note you completely ignored what I actually stated.
Aude mentioned the checkuser logs.  I pointed out that IP server logs  
are
*not* the same thing as checkuser logs.  The privacy policy states  
that these
exist, that they are kept.  It states or at least implies that as I  
said,
they are not the same thing as the checkuser logs.

It does not state for how long, either is kept.

So there.


___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Russell Nelson]

Thank you for letting me know that YOU are not a reliable source of anything. 
Aude, on the other hand, I trust to be reliable.

wjhon...@aol.com wrote:

>In a message dated 11/28/2010 3:36:34 PM Pacific Standard Time, 
>russnel...@gmail.com writes:
>
>
>> You misbelieve. Listen to Aude. She knows what she's talking about.
>> 
>
>I'd rather have Aude cite a reliable source.
>People are not reliable sources.  No living person is such an authority 
>that we should listen to that person.  Not even on their own biography, much 
>less anything else.
>
>The role of the expert is not to spout dogma, but rather to build a case 
>using citable sources.  No one is immune from this diction.  The Archangel 
>Gabriel told me so.
>
>W
>
>On a side-note you completely ignored what I actually stated.
>Aude mentioned the checkuser logs.  I pointed out that IP server logs are 
>*not* the same thing as checkuser logs.  The privacy policy states that these 
>exist, that they are kept.  It states or at least implies that as I said, 
>they are not the same thing as the checkuser logs.
>
>It does not state for how long, either is kept.
>
>So there.
>
>
>___
>foundation-l mailing list
>foundation-l@lists.wikimedia.org
>Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[aude]

On Sun, Nov 28, 2010 at 6:51 PM,  wrote:

> In a message dated 11/28/2010 3:36:34 PM Pacific Standard Time,
> russnel...@gmail.com writes:
>
>
> > You misbelieve. Listen to Aude. She knows what she's talking about.
> >
>
> I'd rather have Aude cite a reliable source.
>

"The Wikimedia Foundation **MAY** keep raw logs of such transactions"
(emphasis added)

http://wikimediafoundation.org/wiki/Wikimedia:Privacy_policy

Under the policy, WMF is permitted to collect and keep apache and squid logs
but the policy gives more leeway than what is done in practice.  WMF does
collect squid logs but quite sure it's only 1/1000 sample.  They don't keep
apache access logs.

The WMF server config files are there for everyone to see.

There are apache error logs (notice LogLevel) that are collected. Those are
manually purged, as of 2008. (source: Tim Starling
http://lists.wikimedia.org/pipermail/foundation-l/2008-September/045811.html
)

In that thread, you can read more of what Tim and others had to say on to,
including Sue.

-Katie (@aude)




> People are not reliable sources.  No living person is such an authority
> that we should listen to that person.  Not even on their own biography,
> much
> less anything else.
>
> The role of the expert is not to spout dogma, but rather to build a case
> using citable sources.  No one is immune from this diction.  The Archangel
> Gabriel told me so.
>
> W
>
> On a side-note you completely ignored what I actually stated.
> Aude mentioned the checkuser logs.  I pointed out that IP server logs are
> *not* the same thing as checkuser logs.  The privacy policy states that
> these
> exist, that they are kept.  It states or at least implies that as I said,
> they are not the same thing as the checkuser logs.
>

It does not state for how long, either is kept.
>
> So there.
>
>
> ___
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

In a message dated 11/28/2010 3:36:34 PM Pacific Standard Time, 
russnel...@gmail.com writes:


> You misbelieve. Listen to Aude. She knows what she's talking about.
> 

I'd rather have Aude cite a reliable source.
People are not reliable sources.  No living person is such an authority 
that we should listen to that person.  Not even on their own biography, much 
less anything else.

The role of the expert is not to spout dogma, but rather to build a case 
using citable sources.  No one is immune from this diction.  The Archangel 
Gabriel told me so.

W

On a side-note you completely ignored what I actually stated.
Aude mentioned the checkuser logs.  I pointed out that IP server logs are 
*not* the same thing as checkuser logs.  The privacy policy states that these 
exist, that they are kept.  It states or at least implies that as I said, 
they are not the same thing as the checkuser logs.

It does not state for how long, either is kept.

So there.


___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Russell Nelson]

On Sun, Nov 28, 2010 at 4:27 PM,  wrote:

> My belief is that this is not so.  Checkuser logs are not the same thing as
> IP logs.
>

You misbelieve. Listen to Aude. She knows what she's talking about.
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Andrew Gray]

On 28 November 2010 23:08, Erik Zachte  wrote:

> People may not search their name in Wikipedia (although I'm not too sure
> about that, many people might want to search for their surname looking for
> famous ancestors).

Idle thought: given how quick people sometimes are to spot changes to
"their" article, how many BLPs of limited notability have the subject
as the most common reader? There's certainly an issue there...

That said, the most obvious problem with things like IP-article view
data is that disclosing IPs (or non-IP identifiers) would make it
fairly easy to reconstruct the browsing patterns of editors. Casual
readers, not so much, but editors would be trivial - look for a fairly
obscure page which was edited recently by a single user, look at the
pageviews for that page, and you've almost certainly pinpointed the
IP/identifier for that editor.

At which point, you can easily discover their great fondness for
reading about something embarrassing...

-- 
- Andrew Gray
  andrew.g...@dunelm.org.uk

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Erik Zachte]

WJhonson wrote: 
> Regardless of what occurred with the AOL details, that is a "Red Herring" 
> as I said, because such an event would not and could not occur with 
> Wikipedia details.

> People regardless of whether or not they searched their own personal 
> details within the AOL search engine... would not search their own 
> personal details within the Wikipedia engine.

I think you missed my point: that lots of innocent data pieced together tell
a new story.

People may not search their name in Wikipedia (although I'm not too sure
about that, many people might want to search for their surname looking for
famous ancestors). 
They may not search for local shops, but will search for their home town,
the university they attended, their favorite car brands and sports, and so
on (please show a little imagination here).

Here is just one example of an article that may invoke scrutiny of
contributors.
http://tinyurl.com/2axrcar

Erik Zachte




___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

In a message dated 11/28/2010 2:34:37 PM Pacific Standard Time, 
erikzac...@infodisiac.com writes:


> Repost with shortened url:
> 
> WJhonson:
> > The issue with the AOL Search Scandal is a red herring.  People are 
> > not going to be searching for their own phone number or Social 
> > Security numbers within Wikipedia.  And even if someone searches for 
> > such a thing, there is no way to know that they are looking for 
> > details on themselves, or on someone else.
> > 
> > Our entry on that regardless notes a lawsuit *four years old* with no 
> > resolution http://en.wikipedia.org/wiki/AOL_search_data_scandal
> > 
> > Indicative I suggest of it being a non-story.
> 
> Many people did search for their own name occasionally, and relatively 
> often
> did search for local shops and local news. 
> Each of these clues were ambiguous and insignificant by themselves, but 
> once
> put together often did paint a unique picture of one single person.
> 
> Apparently de-anonimization is a nice pursuit for some would-be 
> detectives,
> and quite possibly also for government officials in some parts of the 
> world
> where privacy is considered a risk to a state's stability. 
> 
> The AOL data were taken offline very quickly (and the research team
> disbanded), but copies had already been made, and you can still find the
> data online now. 
> 
> http://www.gregsadetsky.com/aol-data/ 
> 
> The following article paints a rather graphical picture of how search 
> terms
> came to haunt back their author.
> 
> http://tinyurl.com/322a5pk
> 
> Erik Zachte
> 

You ignored my point.
Regardless of what occurred with the AOL details, that is a "Red Herring" 
as I said, because such an event would not and could not occur with Wikipedia 
details.

People regardless of whether or not they searched their own personal 
details within the AOL search engine... would not search their own personal 
details within the Wikipedia engine.

Do you know understand my point?
What this thread is about is releasing details of activity *within* 
Wikipedia.  We have no control over details of activity *outside* Wikipedia.

Thus, the event described here as the atom bomb of personal exposure, is 
moot (not relevant, not related, a red herring) to this thread.

W
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Erik Zachte]

Repost with shortened url:

WJhonson:
> The issue with the AOL Search Scandal is a red herring.  People are 
> not going to be searching for their own phone number or Social 
> Security numbers within Wikipedia.  And even if someone searches for 
> such a thing, there is no way to know that they are looking for 
> details on themselves, or on someone else.
> 
> Our entry on that regardless notes a lawsuit *four years old* with no 
> resolution http://en.wikipedia.org/wiki/AOL_search_data_scandal
> 
> Indicative I suggest of it being a non-story.

Many people did search for their own name occasionally, and relatively often
did search for local shops and local news. 
Each of these clues were ambiguous and insignificant by themselves, but once
put together often did paint a unique picture of one single person.

Apparently de-anonimization is a nice pursuit for some would-be detectives,
and quite possibly also for government officials in some parts of the world
where privacy is considered a risk to a state's stability. 

The AOL data were taken offline very quickly (and the research team
disbanded), but copies had already been made, and you can still find the
data online now. 

http://www.gregsadetsky.com/aol-data/ 

The following article paints a rather graphical picture of how search terms
came to haunt back their author.

http://tinyurl.com/322a5pk

Erik Zachte




___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

[Foundation-l] should not web server logs (of requests) be published?

[Erik Zachte]

WJhonson:
> The issue with the AOL Search Scandal is a red herring.  People are not
> going to be searching for their own phone number or Social Security
numbers
> within Wikipedia.  And even if someone searches for such a thing, there is
no
> way to know that they are looking for details on themselves, or on someone
> else.
> 
> Our entry on that regardless notes a lawsuit *four years old* with no
> resolution
> http://en.wikipedia.org/wiki/AOL_search_data_scandal
> 
> Indicative I suggest of it being a non-story.

Many people did search for their own name occasionally,
and relatively often did search for local shops and local news. 
Each of these clues were ambiguous and insignificant by themselves, 
but once put together often did paint a unique picture of one single person.

Apparently de-anonimization is a nice pursuit for some would-be detectives,
and quite possibly also for government officials in some parts of the world 
where privacy is considered a risk to a state's stability. 

The AOL data were taken offline very quickly (and the research team
disbanded),
but copies had already been made, and you can still find the data online
now. 

http://www.gregsadetsky.com/aol-data/ 

The following article paints a rather graphical picture of how search terms
came to haunt back their author.

http://www.zdnet.co.uk/news/networking/2006/08/08/search-history-gives-insig
ht-into-lives-of-aol-users-39280576/

Erik Zachte





___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

My belief is that this is not so.  Checkuser logs are not the same thing as 
IP logs.

Are you suggesting that should a court, three months-and-a-day after a 
logged in user made a libelous edit, order the WMF to release the IP address of 
that user, they would not be able to do so?  I suggest they would and 
probably have. 

I would like to see a clear citation to where, when and how the WMF retains 
logs of user activity.  Is there actually such an official statement 
somewhere?  And could anyone cite it with a link?

The issue with the AOL Search Scandal is a red herring.  People are not 
going to be searching for their own phone number or Social Security numbers 
within Wikipedia.  And even if someone searches for such a thing, there is no 
way to know that they are looking for details on themselves, or on someone 
else.

Our entry on that regardless notes a lawsuit *four years old* with no 
resolution
http://en.wikipedia.org/wiki/AOL_search_data_scandal

Indicative I suggest of it being a non-story.
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[aude]

On Sun, Nov 28, 2010 at 3:41 PM, dinar qorbanof  wrote:

> :) ok then. thank you. i should ask first whether wikipedia collects logs.
>
> 2010/11/28 aude :
> > On Sun, Nov 28, 2010 at 2:30 PM,  wrote:
> >
> >> I'm afraid our Tatar is correct in some senses and others in this thread
> >> are in a failing  or failed mode.
> >>
> >> Each web server, of which the WMF has a few, collects details on the
> >> behaviour of IPs, in logs.  Those logs can be and probably have been
> >> requested by
> >> certain government officials, most likely for the purpose of tracking
> down
> >> who is behind a certain "Bad" posting to a BLP.
> >>
> >>
> > CheckUser data (IPs of editors) are kept for 3 months.
> >
> >
> http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/CheckUser/CheckUser.php?view=markup
> >
> > WMF does not keep apache logs which would track what pages people are
> > reading.''
> >
> > http://noc.wikimedia.org/conf/httpd.conf (see CustomLog which is
> commented
> > out, meaning that access logs are not kept)
> >
> > There are some logs for the squid servers which are used to generate page
> > view stats, but those take a 1/1000 sample and there are full squid logs
> for
> > click throughs on the fundraising banners.
> >
> > http://wikitech.wikimedia.org/view/Squid_logging
> >
> > So, we do not have readership logs except for the sampled squid logs.
>  For
> > performance reasons, it's not desirable to collect more detailed logs,
> nor
> > would we really want them.
> >
> > -Katie (@aude)
> >
> >
> >> In addition, courts can make such orders in order to determine an
> otherwise
> >> "John Doe" named in a suit, such as for libel, etc.  It's happened it
> will
> >> continue to happen, the WMF does keep such logs.
> >>
> >> Knowing the IP, it can then be tracked back to that user's ISP and a log
> >> again requested to determine the exact person, or at least business or
> >> household, who used the IP at that exact time.  So playing with words,
> >> doesn't let
> >> us get around that point.
> >>
> >> I'm still not clear why we would want to know the IP exactly for
> analytical
> >> purposes.  Some intrepid programmer could write a program which would
> >> simply collect detailed analysis of a person's in-world behaviour and
> call
> >> them
> >> "Bob992" instead of 13.42.204.192 or whatever.  Making the information
> >> packets anonymous.  That would still allow any sort of analysis the
> Tatars
> >> want to
> >> make, and not reveal any private information.
> >
> >
> >> W
> >> ___
> >> foundation-l mailing list
> >> foundation-l@lists.wikimedia.org
> >> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
> >>
> > ___
> > foundation-l mailing list
> > foundation-l@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
> >
>
>
>
> and i write again, do not you or somebody know why my messages are not
> published in the official mail archive? i do not format my message
> correctly?
>
>
I don't know. :/

-Katie (aude)


___
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Dan Rosenthal]

We should all be asking "Is there really a problem here that would justify 
creating a major exception to our privacy policies?" -- because I haven't seen 
one. Did anyone notice how some of the earlier posts were suggesting that it 
was OK because people can anonymize themselves with a proxy or some other 
option -- a situation that would require a user (possibly one with no 
understanding of the concept of open proxies) to take technical steps simply to 
"opt-in" to privacy.  Also, did anyone think to ask the tech team whether 
they'd be OK shouldering the burden of releasing these logs? Or the OTRS team 
whether they're OK with dealing the email burden that would come with that? Or 
Communications to see whether they agree with the negative PR of this?

Any one of these above steps would probably have revealed that it is a bad 
idea. Just sayin.


-Dan
On Nov 28, 2010, at 3:41 PM, dinar qorbanof wrote:

> :) ok then. thank you. i should ask first whether wikipedia collects logs.
> 
> 2010/11/28 aude :
>> On Sun, Nov 28, 2010 at 2:30 PM,  wrote:
>> 
>>> I'm afraid our Tatar is correct in some senses and others in this thread
>>> are in a failing  or failed mode.
>>> 
>>> Each web server, of which the WMF has a few, collects details on the
>>> behaviour of IPs, in logs.  Those logs can be and probably have been
>>> requested by
>>> certain government officials, most likely for the purpose of tracking down
>>> who is behind a certain "Bad" posting to a BLP.
>>> 
>>> 
>> CheckUser data (IPs of editors) are kept for 3 months.
>> 
>> http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/CheckUser/CheckUser.php?view=markup
>> 
>> WMF does not keep apache logs which would track what pages people are
>> reading.''
>> 
>> http://noc.wikimedia.org/conf/httpd.conf (see CustomLog which is commented
>> out, meaning that access logs are not kept)
>> 
>> There are some logs for the squid servers which are used to generate page
>> view stats, but those take a 1/1000 sample and there are full squid logs for
>> click throughs on the fundraising banners.
>> 
>> http://wikitech.wikimedia.org/view/Squid_logging
>> 
>> So, we do not have readership logs except for the sampled squid logs.  For
>> performance reasons, it's not desirable to collect more detailed logs, nor
>> would we really want them.
>> 
>> -Katie (@aude)
>> 
>> 
>>> In addition, courts can make such orders in order to determine an otherwise
>>> "John Doe" named in a suit, such as for libel, etc.  It's happened it will
>>> continue to happen, the WMF does keep such logs.
>>> 
>>> Knowing the IP, it can then be tracked back to that user's ISP and a log
>>> again requested to determine the exact person, or at least business or
>>> household, who used the IP at that exact time.  So playing with words,
>>> doesn't let
>>> us get around that point.
>>> 
>>> I'm still not clear why we would want to know the IP exactly for analytical
>>> purposes.  Some intrepid programmer could write a program which would
>>> simply collect detailed analysis of a person's in-world behaviour and call
>>> them
>>> "Bob992" instead of 13.42.204.192 or whatever.  Making the information
>>> packets anonymous.  That would still allow any sort of analysis the Tatars
>>> want to
>>> make, and not reveal any private information.
>> 
>> 
>>> W
>>> ___
>>> foundation-l mailing list
>>> foundation-l@lists.wikimedia.org
>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>>> 
>> ___
>> foundation-l mailing list
>> foundation-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>> 
> 
> 
> 
> and i write again, do not you or somebody know why my messages are not
> published in the official mail archive? i do not format my message
> correctly?
> 
> ___
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l


___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[dinar qorbanof]

:) ok then. thank you. i should ask first whether wikipedia collects logs.

2010/11/28 aude :
> On Sun, Nov 28, 2010 at 2:30 PM,  wrote:
>
>> I'm afraid our Tatar is correct in some senses and others in this thread
>> are in a failing  or failed mode.
>>
>> Each web server, of which the WMF has a few, collects details on the
>> behaviour of IPs, in logs.  Those logs can be and probably have been
>> requested by
>> certain government officials, most likely for the purpose of tracking down
>> who is behind a certain "Bad" posting to a BLP.
>>
>>
> CheckUser data (IPs of editors) are kept for 3 months.
>
> http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/CheckUser/CheckUser.php?view=markup
>
> WMF does not keep apache logs which would track what pages people are
> reading.''
>
> http://noc.wikimedia.org/conf/httpd.conf (see CustomLog which is commented
> out, meaning that access logs are not kept)
>
> There are some logs for the squid servers which are used to generate page
> view stats, but those take a 1/1000 sample and there are full squid logs for
> click throughs on the fundraising banners.
>
> http://wikitech.wikimedia.org/view/Squid_logging
>
> So, we do not have readership logs except for the sampled squid logs.  For
> performance reasons, it's not desirable to collect more detailed logs, nor
> would we really want them.
>
> -Katie (@aude)
>
>
>> In addition, courts can make such orders in order to determine an otherwise
>> "John Doe" named in a suit, such as for libel, etc.  It's happened it will
>> continue to happen, the WMF does keep such logs.
>>
>> Knowing the IP, it can then be tracked back to that user's ISP and a log
>> again requested to determine the exact person, or at least business or
>> household, who used the IP at that exact time.  So playing with words,
>> doesn't let
>> us get around that point.
>>
>> I'm still not clear why we would want to know the IP exactly for analytical
>> purposes.  Some intrepid programmer could write a program which would
>> simply collect detailed analysis of a person's in-world behaviour and call
>> them
>> "Bob992" instead of 13.42.204.192 or whatever.  Making the information
>> packets anonymous.  That would still allow any sort of analysis the Tatars
>> want to
>> make, and not reveal any private information.
>
>
>> W
>> ___
>> foundation-l mailing list
>> foundation-l@lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>>
> ___
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>



and i write again, do not you or somebody know why my messages are not
published in the official mail archive? i do not format my message
correctly?

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[aude]

On Sun, Nov 28, 2010 at 3:21 PM, dinar qorbanof  wrote:

> 2010/11/28  :
> > I'm still not clear why we would want to know the IP exactly for
> analytical
> > purposes.  Some intrepid programmer could write a program which would
> > simply collect detailed analysis of a person's in-world behaviour and
> call them
> > "Bob992" instead of 13.42.204.192 or whatever.  Making the information
> > packets anonymous.  That would still allow any sort of analysis the
> Tatars want to
> > make, and not reveal any private information.
> i just has not thought about that as threat. theoretically ip
> addresses can be used to count how much wikipedia readers are in
> russia regions. such statistics is made by russian counters:
> liveinternet, and maybe, mail.ru . but i do not know whether any tatar
> can get such database to make such counter for wikipedia logs.
> probably some russian companies can make such analysis for russian and
> tatar and other wikipedias of languages of russia.
> >the Tatars want to make
> on the one hand, i do not represent [all] tatars, and on the one hand,
> i think i represent also other language native speakers.
>
>
The sampled 1/1000 squid logs can be used for statistical purposes, such as
page view stats.  Someone more techy can answer that better than I can, if
the samples include IP addresses that could be used w/ geoip for geographic
analysis. (I think perhaps not)

Here are the page view stats generated from the squid sample logs:

http://dammit.lt/wikistats/

http://stats.grok.se/

For other analysis of readership, we do get stats from comScore, but that's
survey data from panelists and nothing to do with logs.

http://meta.wikimedia.org/wiki/User:Stu/comScore_data_on_Wikimedia

-Katie (@aude)


___
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[aude]

On Sun, Nov 28, 2010 at 2:30 PM,  wrote:

> I'm afraid our Tatar is correct in some senses and others in this thread
> are in a failing  or failed mode.
>
> Each web server, of which the WMF has a few, collects details on the
> behaviour of IPs, in logs.  Those logs can be and probably have been
> requested by
> certain government officials, most likely for the purpose of tracking down
> who is behind a certain "Bad" posting to a BLP.
>
>
CheckUser data (IPs of editors) are kept for 3 months.

http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/CheckUser/CheckUser.php?view=markup

WMF does not keep apache logs which would track what pages people are
reading.''

http://noc.wikimedia.org/conf/httpd.conf (see CustomLog which is commented
out, meaning that access logs are not kept)

There are some logs for the squid servers which are used to generate page
view stats, but those take a 1/1000 sample and there are full squid logs for
click throughs on the fundraising banners.

http://wikitech.wikimedia.org/view/Squid_logging

So, we do not have readership logs except for the sampled squid logs.  For
performance reasons, it's not desirable to collect more detailed logs, nor
would we really want them.

-Katie (@aude)


> In addition, courts can make such orders in order to determine an otherwise
> "John Doe" named in a suit, such as for libel, etc.  It's happened it will
> continue to happen, the WMF does keep such logs.
>
> Knowing the IP, it can then be tracked back to that user's ISP and a log
> again requested to determine the exact person, or at least business or
> household, who used the IP at that exact time.  So playing with words,
> doesn't let
> us get around that point.
>
> I'm still not clear why we would want to know the IP exactly for analytical
> purposes.  Some intrepid programmer could write a program which would
> simply collect detailed analysis of a person's in-world behaviour and call
> them
> "Bob992" instead of 13.42.204.192 or whatever.  Making the information
> packets anonymous.  That would still allow any sort of analysis the Tatars
> want to
> make, and not reveal any private information.


> W
> ___
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[dinar qorbanof]

2010/11/28  :
> I'm still not clear why we would want to know the IP exactly for analytical
> purposes.  Some intrepid programmer could write a program which would
> simply collect detailed analysis of a person's in-world behaviour and call 
> them
> "Bob992" instead of 13.42.204.192 or whatever.  Making the information
> packets anonymous.  That would still allow any sort of analysis the Tatars 
> want to
> make, and not reveal any private information.
i just has not thought about that as threat. theoretically ip
addresses can be used to count how much wikipedia readers are in
russia regions. such statistics is made by russian counters:
liveinternet, and maybe, mail.ru . but i do not know whether any tatar
can get such database to make such counter for wikipedia logs.
probably some russian companies can make such analysis for russian and
tatar and other wikipedias of languages of russia.
>the Tatars want to make
on the one hand, i do not represent [all] tatars, and on the one hand,
i think i represent also other language native speakers.

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Benjamin Lees]

On Sun, Nov 28, 2010 at 12:38 PM, Domas Mituzas  wrote:
> Logs cannot be read by wikipedia owners or us government because they don't 
> exist.
There aren't any raw logs?

On Sun, Nov 28, 2010 at 2:30 PM,   wrote:
> Each web server, of which the WMF has a few, collects details on the
> behaviour of IPs, in logs.  Those logs can be and probably have been 
> requested by
> certain government officials, most likely for the purpose of tracking down
> who is behind a certain "Bad" posting to a BLP.
Presumably they would usually just use CheckUser data for that.

On Sun, Nov 28, 2010 at 2:30 PM,   wrote:
> I'm still not clear why we would want to know the IP exactly for analytical
> purposes.  Some intrepid programmer could write a program which would
> simply collect detailed analysis of a person's in-world behaviour and call 
> them
> "Bob992" instead of 13.42.204.192 or whatever.  Making the information
> packets anonymous.  That would still allow any sort of analysis the Tatars 
> want to
> make, and not reveal any private information.
It's a bit more complicated than that.  Sometimes anonymous isn't
anonymous enough: http://en.wikipedia.org/wiki/AOL_search_data_scandal

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[WJhonson]

I'm afraid our Tatar is correct in some senses and others in this thread 
are in a failing  or failed mode.

Each web server, of which the WMF has a few, collects details on the 
behaviour of IPs, in logs.  Those logs can be and probably have been requested 
by 
certain government officials, most likely for the purpose of tracking down 
who is behind a certain "Bad" posting to a BLP.

In addition, courts can make such orders in order to determine an otherwise 
"John Doe" named in a suit, such as for libel, etc.  It's happened it will 
continue to happen, the WMF does keep such logs.

Knowing the IP, it can then be tracked back to that user's ISP and a log 
again requested to determine the exact person, or at least business or 
household, who used the IP at that exact time.  So playing with words, doesn't 
let 
us get around that point.

I'm still not clear why we would want to know the IP exactly for analytical 
purposes.  Some intrepid programmer could write a program which would 
simply collect detailed analysis of a person's in-world behaviour and call them 
"Bob992" instead of 13.42.204.192 or whatever.  Making the information 
packets anonymous.  That would still allow any sort of analysis the Tatars want 
to 
make, and not reveal any private information.

W
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Domas Mituzas]

Hi!

> you have mentioned that provider can give logs to government, probably
> also wikipedia must give its logs to government, if requested, is not
> it?

Wikipedia cannot give logs to government, as it has none.

> users cannot request in provider's official web forum to make dynamic
> ip or nat? probably you mean that they cannot require/demand/claim/request(?) 
> that as their right that is written in
> law.

No IP is anonymous - based on various usage patterns one can determine who is 
behind it :) 

> i am not from "intelligence service" :) . you mean something like spy?

I meant someone who has some sarcasm detection skills. 

> not, i am not. as i said, i ask this because i think that tatar people
> should be managers/adminstrators/controllers of texts they wrote, and
> that texts are read mostly by tatar people. if logs are not published,
> that mean that they can be read by wikipedia owners, by us government,
> but not by tatar people.

Logs cannot be read by wikipedia owners or us government because they don't 
exist.
You're free to suggest aggregations of interest to you - now we provide hourly 
pageview counters for each article. 

Wikipedia does not track its readers, last time I checked. 

> i have not seen that of
> wikipedia. publishing full/raw logs also is not much violence of
> privacy, i think.

I really really would like to avoid going into any ad hominem attacks, but 
you're not capable to see much, then. 

> and wikipedia could say "if you do not want to
> publish your ip, then do not use this" but take in account that there
> is no problem with hiding ip and referer. and so there is no problem
> with anonymous reading.

Wikipedia will not say "do not use this", because its primary goal is to spread 
knowledge, and that includes spreading knowledge to people who value their 
privacy. 

> anonymous writing is already generally blocked by wikipedia itself.

You can edit under a pseudonym. That is already good enough. IPs identify real 
people way more than pseudonyms may do. 

> and users who are "tracked" also will know that their browsing is published.

Sorry, disregard word 'intelligence' used before in any forms. 

Domas


___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[dinar qorbanof]

why my messages are not published in
http://lists.wikimedia.org/pipermail/foundation-l/ (in November 2010:
View by: [ Thread ] or [ Subject ] or [ Author ] or [ Date ]) ?

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[dinar qorbanof]

2010/11/28 FastLizard4 :
> Here in the U.S., ISPs keep records of who used what IP address at what
> time.  So, let's say that I had a dynamic IP address that changed every
> day.  If I got arrested and the courts ordered my ISP to give them a
> list of IP addresses I have used in the last month, they would do so,
> complete with the times I used each IP address.
so in russia. i say only about relative anonymousity, not against
government, but against different people.

>At least here in the
> U.S., dynamic IPs aren't used for anonymity, but simply because there
> aren't enough IPv4 addresses left.
but, maybe, not only for that? maybe, partially also for
partial/relative anonymousity?

> Besides, the aim with keeping IP addresses confidential is not to be
> convenient to people who want access to server logs, but to take
> reasonable measures to protect users' privacy.  Why should we even take
> the risk of putting lists of IP addresses from server logs out in the
> public?
maybe i do not understand this. how keeping ips which are part of logs
can be called convenience to people who can see that logs fully? or
you mean some government people who may request the logs? to wikipedia
owners who want to loook at them? in these cases, also i do not say
that not publishing them to all people is convenience to that
government people or owners.

you have mentioned that provider can give logs to government, probably
also wikipedia must give its logs to government, if requested, is not
it?

>> FastLizard4 has said:
>>> As for open proxies for editing, they are generally
>>> disallowed from editing.
>> i had not known about that. i want to check that.
>
> http://en.wikipedia.org/wiki/Wikipedia:PROXY (Other WMF wikis may have
> different policies on the matter, but the English Wikipedia's is pretty
> common, I believe.)
ah it is wikipedia itself blocks them from editing! then like no
problem! i had thought that proxies do not allow POST requests :) .

>> ...or ask their provider to make anonymous ip for them?
>
> Some ISPs here in the U.S., such as AOL, do use anonymizing proxies
> normally, but many (including AOL) have agreements with the WMF in which
> the ISP will send X-Forwarded-For headers, which contain the original
> user's IP address; XFF headers, if present and approved for use by the
> WMF, are used instead of the external IP as seen by the servers.
i think, ip from xff can be used only together with
anonymouse-external-nat ip, because probably ip from xff is only
unique inside providers internal network. and is that xff ip is logged
by web server? i think that not logged. how it is used/saved/shown in
mediawiki? if 2 ips are needed indeed, as ip pair?

> And,
> as far as I know, in the U.S., requesting an anonymous IP from your ISP
> is not a request a user can make.
users cannot request in provider's official web forum to make dynamic
ip or nat? probably you mean that they cannot
require/demand/claim/request(?) that as their right that is written in
law.

> And, besides, what are we going to do?  Put up a banner on top of every
> WMF website saying "Hey, we're releasing your IP address information to
> people!  If you don't like this, go call your ISP to get an anonymous IP
> address!"  Half the people visiting probably don't even know what an IP
> address is, and in this case, not knowing about it doesn't make it any
> less dangerous to your privacy.
i do not think that to write "ask for anonymouse ip from your
provider". may be this way: "your request, ip address, referer, user
agent are published, read more >>".

>> Huib Laurens has said:
>>> there is
>>> really no good reason given why people should see al the ip
>>> information for all visitors on a wiki
>> what about opening ips not of all wikipedias, but of only several
>> language subdomains?
>
> But, what exactly would you do with the IP address logs
> for a few subdomains, as opposed to the entire Wikimedia farm?
i say this because probably tatar wikipedia for example mostly used by
people whose provider is in russia and i think probably they are
dynamic or under nat. as opposed to english wikipedia, that is usually
used by almost all usa people, who, as you said, use one ip per
family, and uk, australia, etc, about whose providers and ips i do not
know.

2010/11/28 Domas Mituzas :
> Hello,
>
>> should not web server logs (of requests) be published?
>
>
> which intelligence service are you representing?
i am not from "intelligence service" :) . you mean something like spy?
not, i am not. as i said, i ask this because i think that tatar people
should be managers/adminstrators/controllers of texts they wrote, and
that texts are read mostly by tatar people. if logs are not published,
that mean that they can be read by wikipedia owners, by us government,
but not by tatar people.

> there are hourly page view statistics somewhere out there, so most of data is 
> already out, drilling in more would mean violating privacy.
many sites open their statist

Re: [Foundation-l] should not web server logs (of requests) be published?

[Domas Mituzas]

Hello,

> should not web server logs (of requests) be published?


which intelligence service are you representing? 
there are hourly page view statistics somewhere out there, so most of data is 
already out, drilling in more would mean violating privacy.

and no, I don't see this as a per-project negotiable issue. 

Domas
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[FastLizard4]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

My reply inline with quoted message.

dinar qorbanof wrote:
> i have said "as i know it is used to make some anonymousity of ip
> address in russian providers", it is "as i think", i think that
> probably they intentionally use dynamic ip for some anonymousity,
> partially just to connect many people through few ip-addresses. i have
> said "but that was because
> of shortage of ipv4 addresses". but if it is made for anonymousity,
> that can be made also with ipv6.

Here in the U.S., ISPs keep records of who used what IP address at what
time.  So, let's say that I had a dynamic IP address that changed every
day.  If I got arrested and the courts ordered my ISP to give them a
list of IP addresses I have used in the last month, they would do so,
complete with the times I used each IP address.  At least here in the
U.S., dynamic IPs aren't used for anonymity, but simply because there
aren't enough IPv4 addresses left.

> Huib Laurens has said "Its againt the privacy poliicy to publish logs
> like that" and FastLizard4 has said "The Wikimedia Foundation believes
> otherwise.  Take a look at their Privacy Policy".
> these arguments are not very correct, because i say about changing
> that privacy policy itself, and am not i talking to wikimedia
> foundation?

No, you aren't.  You're talking to a mailing list of people interested
in Foundation affairs.  You'll find that most of the people posting to
this list, including myself, are simply volunteer Wikipedia editors
interested in what's going on in the WMF.  There are a few WMF staffers
that subscribe to this list, but this isn't the appropriate place for
requesting a change to the Privacy Policy, and I don't know where that
place is.  And, as I have said, it is *extremely* unlikely that the
Privacy Policy will be changed.  But, I believe to actually propose the
change, you need to go to
.

> FastLizard4 has said:
>> some
>> people are understandably quite frankly scared by the idea of
>> broadcasting their IP address to the world, since very often, rather
>> accurate details about the location - amongst other things - of the user
>> can be found from checking the IP address.
> i think, that is quite secure for them, if only their town or region
> is found.

Although I am no longer really this way, for a few years as a Wikipedia
editor, when I was more active, I certainly didn't want people to know
what city I lived in.  I live in a very small one, and there's probably
twelve or less Wikipedia editors that live there.  Many editors
(especially administrators) have had threats of violence made against
them; all the more reason to keep your IP address secret to ensure one
less way for people to find out where you live.

Besides, the aim with keeping IP addresses confidential is not to be
convenient to people who want access to server logs, but to take
reasonable measures to protect users' privacy.  Why should we even take
the risk of putting lists of IP addresses from server logs out in the
public?

> how many people think so?

You're missing the central point here: the fact that *some* editors do
believe that their IP address should be kept confidential means that IP
address info will be kept confidential for *all* users - it's simply too
much trouble to cherry-pick IPs that want and do not want to be kept
confidential; it's far easier (and makes the Foundation far less liable)
if they just keep all IPs secret.  This is why the process for checking
the IP addresses of registered users is so complex and checked
 - and even then, the
actual IP addresses are never given to anyone.

> how many people have one ip address for a family (home) or even
> personal ip (if it is personal modem of gprs/edge/3g for personal
> notebook)?

I'm not exactly sure what you're asking here, but if I do understand you
correctly, almost everyone here in the U.S. has only one external IP
address per household.  Most families only need (and can afford) one
Internet connection, hence one IP address.  The only exceptions, I'd
imagine, are people that run servers.  Hence why I have two IP addresses
I use primarily - my home, and my server.

> may be they should use proxy
>
> FastLizard4 has said:
>> As for open proxies for editing, they are generally
>> disallowed from editing.
> i had not known about that. i want to check that.

http://en.wikipedia.org/wiki/Wikipedia:PROXY (Other WMF wikis may have
different policies on the matter, but the English Wikipedia's is pretty
common, I believe.)

> ...or ask their provider to make anonymous ip for them?

Some ISPs here in the U.S., such as AOL, do use anonymizing proxies
normally, but many (including AOL) have agreements with the WMF in which
the ISP will send X-Forwarded-For headers, which contain the original
user's IP address; XFF headers, if present and approved for use by the
WMF, are used instead

Re: [Foundation-l] should not web server logs (of requests) be published?

[dinar qorbanof]

i have said "as i know it is used to make some anonymousity of ip
address in russian providers", it is "as i think", i think that
probably they intentionally use dynamic ip for some anonymousity,
partially just to connect many people through few ip-addresses. i have
said "but that was because
of shortage of ipv4 addresses". but if it is made for anonymousity,
that can be made also with ipv6.

Huib Laurens has said "Its againt the privacy poliicy to publish logs
like that" and FastLizard4 has said "The Wikimedia Foundation believes
otherwise.  Take a look at their Privacy Policy".
these arguments are not very correct, because i say about changing
that privacy policy itself, and am not i talking to wikimedia
foundation?

FastLizard4 has said:
>some
>people are understandably quite frankly scared by the idea of
>broadcasting their IP address to the world, since very often, rather
>accurate details about the location - amongst other things - of the user
>can be found from checking the IP address.
i think, that is quite secure for them, if only their town or region
is found. how many people think so? how many people have one ip
address for a family (home) or even personal ip (if it is personal
modem of gprs/edge/3g for personal notebook)? may be they should use
proxy or ask their provider to make anonymous ip for them?
FastLizard4 has said:
> As for open proxies for editing, they are generally
>disallowed from editing.
i had not known about that. i want to check that.

Huib Laurens has said:
>there is
>really no good reason given why people should see al the ip
>information for all visitors on a wiki
what about opening ips not of all wikipedias, but of only several
language subdomains?

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[dinar qorbanof]

i know something about our local providers. tattelecom is adsl
provider, which is only one adsl provider in most villages of republic
of tatarstan, used to use nat, now it is switching to dynamic ip.
ip-addresses of gprs providers are probably like anonymouse. i do not
know much about other adsl and tv cabel internet providers in cities
like kazan and chelny. and there are readers and writers around russia
and world, i do not know much about their providers. as i know it is
used to make some anonymousity of ip address in russian providers, and
as i know there is a big provider in usa, for example (aol?) that
connects lot of people through every IP with nat. but that was because
of shortage of ipv4 addresses.  now ipv6 is coming.

2010/11/28 Huib Laurens :
> Do you have a source that many people use dymamic ip's? Cuz I'm pretty sure
> most of the regular visiters use one ip.
>

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[FastLizard4]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The Wikimedia Foundation believes otherwise.  Take a look at their
Privacy Policy  (relevant
excerpt follows):

"=== IP and other technical information ===
When a visitor requests or reads a page, or sends email to a Wikimedia
server, no more information is collected than is typically collected by
web sites. The Wikimedia Foundation may keep raw logs of such
transactions, but these will not be published or used to track
legitimate users."

I find it extremely unlikely that the WMF will allow an exception to
this rule.  While I don't care if people know my IP address(es), some
people are understandably quite frankly scared by the idea of
broadcasting their IP address to the world, since very often, rather
accurate details about the location - amongst other things - of the user
can be found from checking the IP address.  In the end, it pretty much
comes down to the fact that the WMF simply won't release this
information, short of a ruling from the Board of Trustees.  Not very
likely to happen.  In addition, by extension of that excerpt from the
privacy policy, I don't think the Foundation would agree to publish
anonymized logs either.  You also point out that many users edit
anonymously, publishing their IP address instead of a username.  I would
view this under the context of the Privacy Policy as voluntary release
of IP address by a user, much as if I posted the IP address I use on my
Wikipedia userpage.

As for NATs and dynamic IP addresses, NATs really don't mean anything
except at large corporations or schools (aside from a convenient way to
put multiple computers on one network); even then, the "external" IP
used by the NAT/Internet gateway is usually a sufficient privacy
concern.  And dynamic IP addresses usually don't change very much - for
example, my dynamic IP doesn't actually change unless I shut off my DSL
modem for a good few minutes, which I haven't done since the last power
outage.  And, of course, anyone editing from a school, business, or
other institution would most likely have a static IP address, which
could (should?) even, through RDNS, resolve back to the name of that
institution.  As for open proxies for editing, they are generally
disallowed from editing.
- --
- --FastLizard4 (http://en.wikipedia.org/wiki/User:FastLizard4)

dinar qorbanof wrote:
> i do not think that ip address is so important private information,
> many people browse through dynamic ip and NAT.
> 
> ___
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFM8iqzIUvvVwjDo7YRAs4hAKDGfnpsRk6iBkUf4C1jiIWSF1UCzQCePU2O
a/ji6Ujigzv/i9oDGNDlfKY=
=AM8U
-END PGP SIGNATURE-

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Huib Laurens]

Do you have a source that many people use dymamic ip's? Cuz I'm pretty sure
most of the regular visiters use one ip.

2010/11/28 dinar qorbanof 

> i do not think that ip address is so important private information,
> many people browse through dynamic ip and NAT.
>
> ___
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>



-- 
Regards,
Huib "Abigor" Laurens



Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate
___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[dinar qorbanof]

i do not think that ip address is so important private information,
many people browse through dynamic ip and NAT.

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Nikola Smolenski]

Дана Sunday 28 November 2010 09:53:06 Huib Laurens написа:
> Its againt the privacy poliicy to publish logs like that, and there is

It should be possible to anonymyse the logs sufficiently so that no private 
information could be gained from them.

> really no good reason given why people should see al the ip
> information for all visitors on a wiki

Well it would be possible to create custom analysers of the logs.

> 2010/11/28, dinar qorbanof :
> > hello
> > should not web server logs (of requests) be published?
> >
> > my native language is tatar and i would or i am going to write to
> > tatar wikipedia and say other people to write to it.
> > authors/managers/administrators of tatar texts are tatar people. for
> > that i think it is correct if tatar people can see web server logs. i
> > think this would not be bad for privacy of readers, because they would
> > see that logs are published, and can access wikipedia through proxy to
> > hide their ip address. ip-addresses of anonymous writers are already
> > published. if anonymouse readers want to hide their referer or search
> > keywords, they also can hide that by copy-pasting wikipedia article
> > url, and this also should be said shortly on every page and in privacy
> > page.
> > another advantage of this is that people could create custom analysers
> > of the logs.
> >
> > i think logs should be divided with directory structure by years,
> > months, days, and probably hours.

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Nikola Smolenski]

Дана Sunday 28 November 2010 09:35:40 dinar qorbanof написа:
> another advantage of this is that people could create custom analysers
> of the logs.

For now, see http://stats.wikimedia.org/EN/TablesWikipediaTT.htm and 
http://stats.grok.se/tt/201009/ .

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Re: [Foundation-l] should not web server logs (of requests) be published?

[Huib Laurens]

Its againt the privacy poliicy to publish logs like that, and there is
really no good reason given why people should see al the ip
information for all visitors on a wiki

2010/11/28, dinar qorbanof :
> hello
> should not web server logs (of requests) be published?
>
> my native language is tatar and i would or i am going to write to
> tatar wikipedia and say other people to write to it.
> authors/managers/administrators of tatar texts are tatar people. for
> that i think it is correct if tatar people can see web server logs. i
> think this would not be bad for privacy of readers, because they would
> see that logs are published, and can access wikipedia through proxy to
> hide their ip address. ip-addresses of anonymous writers are already
> published. if anonymouse readers want to hide their referer or search
> keywords, they also can hide that by copy-pasting wikipedia article
> url, and this also should be said shortly on every page and in privacy
> page.
> another advantage of this is that people could create custom analysers
> of the logs.
>
> i think logs should be divided with directory structure by years,
> months, days, and probably hours.
>
> ___
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>

-- 
Verzonden vanaf mijn mobiele apparaat

Regards,
Huib "Abigor" Laurens



Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

[Foundation-l] should not web server logs (of requests) be published?

[dinar qorbanof]

hello
should not web server logs (of requests) be published?

my native language is tatar and i would or i am going to write to
tatar wikipedia and say other people to write to it.
authors/managers/administrators of tatar texts are tatar people. for
that i think it is correct if tatar people can see web server logs. i
think this would not be bad for privacy of readers, because they would
see that logs are published, and can access wikipedia through proxy to
hide their ip address. ip-addresses of anonymous writers are already
published. if anonymouse readers want to hide their referer or search
keywords, they also can hide that by copy-pasting wikipedia article
url, and this also should be said shortly on every page and in privacy
page.
another advantage of this is that people could create custom analysers
of the logs.

i think logs should be divided with directory structure by years,
months, days, and probably hours.

___
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l